[CIVN-2022-0488] Authentication Bypass Vulnerability in NetApp OnCommand Insight

Severity Rating: HIGH

Software Affected

NetApp OnCommand Insight versions 7.3.1 through 7.3.14

Overview

A vulnerability has been reported in NetApp OnCommand Insight products which could allow an unauthenticated attacker to bypass security restriction on the targeted system.

Description

This vulnerability exists due to an error in the Data Warehouse component. An attacker could exploit this vulnerability by sending a specially crafted request.

Successful exploitation of this vulnerability could allow an unauthenticated attacker to bypass authentication process, view limited configuration data, view operations or perform privileged operations on the administrative interface on the targeted system.

Solution

Update to the latest version:

https://security.netapp.com/advisory/ntap-20221220-0001/

Vendor Information

NetApp

https://security.netapp.com/advisory/ntap-20221220-0001/

References

NetApp

https://security.netapp.com/advisory/ntap-20221220-0001/

CVE Name

CVE-2022-38733

About Cert Advisory

We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.

[CIVN-2022-0488] Authentication Bypass Vulnerability in NetApp OnCommand Insight

About Cert Advisory

Related Posts

Popular Posts

Facebook

Blog Archive